SAP NetWeaver contains a flaw in the Exportability Check Service that allows an attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow a remote attacker to gain access to arbitrary files.